Setup script for Regon-ng
Clone or download
jhaddix Merge pull request #20 from dradford/env-based-shebang
Modified the shebang to allow this to work in virtualenvs
Latest commit ffa17e1 Mar 15, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore missed one more file Nov 4, 2017 - add Nov 4, 2017 - add Nov 4, 2017 Merge conflicts Mar 15, 2018 added Aug 24, 2016


Recon-ng and Alt-DNS are awesome. This script combines the power of these tools with the ability to run multiple domains within the same session.

TLDR; I just want to do my subdomain discovery via ONE command and be done with it.

Only 1 module needs an api key (/api/google_site) find instructions for that on the recon-ng wiki.

Script to enumerate subdomains, leveraging recon-ng. Uses google scraping, bing scraping, baidu scraping, yahoo scraping, netcraft, and bruteforces to find subdomains. Plus resolves to IP.


Installation recon-ng from Source

  1. Clone the Recon-ng repository

    git clone

  2. Change into the Recon-ng directory.

    cd recon-ng

  3. Install dependencies.

    pip install -r REQUIREMENTS

  4. Eventually link the installation directory to /usr/share/recon-ng

    ln -s /$recon-ng_path /usr/share/recon-ng

  5. Optionally (highly recommended) download:

  6. Create file and specify the path to recon-ng and allDNS as it showed in

Basic Usage


also supports:

  • -w to run a custom wordlist with recon-ng
  • -a to use alt-dns
  • -p to feed a custom permutations list to alt-dns (requires -a flag)
  • -i to feed a list of domains (can also type extra domains into the original command)

Advanced Usage

./ -i domainlist.txt -a -p permutationslist.txt -w

Output from recon-ng will be in .lst and .csv files, output from alt-dns will be in a .txt file

by @jhaddix and @leifdreizler